CodeQL 2.5.0 (2021-03-26)
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.
Security Coverage
CodeQL 2.5.0 runs a total of 239 security queries when configured with the Default suite (covering 108 CWE). The Extended suite enables an additional 79 queries (covering 26 more CWE). 2 security queries have been added with this release.
CodeQL CLI
Potentially Breaking Changes
- By default, `codeql test` now performs additional compiler checks when extracting test code written in Java. Existing Java tests that previously passed may therefore fail after this change if they do not compile with the `javac` compiler. To allow time to migrate existing tests, the new behavior can be disabled by setting the environment variable `CODEQL_EXTRACTOR_JAVA_FLOW_CHECKS=false`.
New Features
- Log files that contain output from build processes now prefix it with `[build-stdout]` and `[build-stderr]` instead of `[build]` and `[build-err]`. In particular, the latter pair sometimes caused confusion.
QL Language
- The QL language now recognizes new `pragma[only_bind_into](...)` and `pragma[only_bind_out](...)` annotations on expressions. Advanced users can use these annotations to give the compiler hints that influence binding behavior and thus, indirectly, performance.